How do you do....it? Thread, Script help needed again! (NTFS permissions if folder exists) :( in Technical; Agh! Can never seem to find the time to sit down and learn these things. Only one on the helpdesk ...
-
24th June 2011, 08:42 AM #1 Script help needed again! (NTFS permissions if folder exists) :(
Agh! Can never seem to find the time to sit down and learn these things. Only one on the helpdesk today and need something sorted as soon as I can ideally.
Have my cap in hand, as usual extremely grateful to anyone who can help me out.
I need a vbs script (or batch file) to run on machines at startup (set through GP) to look for a folder in Program Files on all my client machines and if a certain folder is there, to set an AD group to Deny all.
For example, if the folder c:\Program Files\ferrets is found on a client computer, I'd like the permissions of c:\Program Files\ferrets and all subfolders and files to be set to Deny all for the group mydomain/students.
Anyone feeling helpful and can spoonfeed me this one?
Huge thanks for reading.
And no there's no ferrets loose. Well if there are they're not in the helpdesk.
-
-
IDG Tech News
-
24th June 2011, 09:03 AM #2 Try this:
Code:
if exist "C:\Program Files\Ferrets" cacls "C:\Program Files\Ferrets" /e /c /t /d "Students"
-
Thanks to webman from:
El_Nombre (24th June 2011)
-
24th June 2011, 09:12 AM #3 Webman's code looks pretty much spot on. For reference here's a few useful sites:
How to use Xcacls.exe to modify NTFS permissions or How to use Xcacls.vbs to modify NTFS permissions for Windows XP
Icacls for Windows 7
Test for the existence of a file/folder in a batch file: MS-DOS if command help
-
Thanks to Gerry from:
El_Nombre (24th June 2011)
-
24th June 2011, 09:51 AM #4 You could deny permissions to the folder through group policy itself, without the need for a startup script.
In a GPO;
Server 2008+: Computer Configuration>Policies>Windows Settings>File System
Server 2003: Computer Configuration>Windows Settings>File System
Right-click File system and click add file.
In the "Add a file or folder" Dialogue box, you can browse to the folder if the app is installed on the server, however this is generally unlikely, so you will need to type in the "folder" field: %ProgramFiles%\Ferrets
The %programfile% is a variable and will look for where Program Files is set to, whether it be on C: or some other drive.
You may find if running on a 64-bit system, that you may need a slightly different variable, I haven't tried it yet so can't tell you.
If the folder doesn't exist, it does nothing, as soon as it does, it changes the permission.
Hope this information helps.
Last edited by Jon_boy1984; 24th June 2011 at 09:54 AM.
-
Thanks to Jon_boy1984 from:
El_Nombre (24th June 2011)
-
24th June 2011, 10:12 AM #5 Thanks folks that's extremely helpful. Yes the policy settings are the more graceful solution, but the scripting reading looks awesome too.
Cheers tons!
Beer-200.jpg X 3
-
SHARE: 
Similar Threads
-
By tosca925 in forum Scripts
Replies: 17
Last Post: 19th March 2010, 11:51 PM
-
By GlennT in forum Windows
Replies: 5
Last Post: 28th September 2009, 03:48 PM
-
By FN-GM in forum Scripts
Replies: 7
Last Post: 20th March 2009, 11:03 AM
-
By scottyses in forum General Chat
Replies: 1
Last Post: 15th January 2008, 08:52 AM
-
Replies: 4
Last Post: 23rd November 2006, 09:33 PM
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
LinkBack URL
About LinkBacks
